Exploitation on ARM - Technique and Bypassing Defense Mechanisms

Presented at DEF CON 18 (2010), Aug. 1, 2010, noon (50 minutes)

In this presentation there will be covered (from scratch) quick talk on security mechanisms on X86 and how to bypass them, how exploits are being used on X86 and why they won't work as is on ARM, How to approach ARM assembly from hacker point of view and how to write exploits in the proper way for a remote and local attacker on ARM, what are the options for ARM hacker, etc. This presentation starts from the very basics of ARM assembly (since there are not lots of expert on this subject) and advance to an expert level of ARM. After this talk you'll think in ARM way. Today, ARM is running on almost everything (mobile phones, TVs, or tons of other devices). Till now, we were used to think that ARM means no protection mechanisms, which is not the case with the next generation mobile phones. In the recent/upcoming mobile phones you can start seeing security mechanisms implied. How can you run your shellcode if your stack is not executable? What else do you need to know? There's almost nothing known on how to exploit weaknesses over ARM in the assembly level, when there are security mechanisms which are very common in X86. This presentation also presents a technique to create a shellcode which will be able to pass security mechanisms over ARM. For example, this technique can be used to exploit a stack-overflow on ARM when stack is not executable.

Presenters:

• Itzhak "Zuk" Avraham - Researcher at Samsung Electronics & Partner at PreIncidentAssessment.com
  Itzhak Avraham (zuk) is a Computer & Network Security Expert who has done a wide variety of vulnerability Assessments. Itzhak worked at the IDF as a Security Researcher and later as Security Researcher Training Specialist. Itzhak has worked at top penetration testing companies in Israel. He is a Senior Engineer at Samsung R&D (Israel) and he's a proud partner of PreIncidentAssessment.com where he consults for special pentesting/hacking/RE projects. He's interested in any hacking related topics such as : regular (network/web) hacking, reverse engineering and exploitation of security weaknesses. As a hobby he's volunteering for malware analysis at MalwareInt. Twits under @ihackbanme and holds a personal hacking related blog at http://imthezuk.blogspot.com.

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Avraham
• https://www.youtube.com/watch?v=r4XFFV-tQMI

Similar Presentations:

• Black Hat Europe 2020 Virtual / Jack-in-the-Cache: A New Code injection Technique through Modifying X86-to-ARM Translation Cache
• DerbyCon 3.0 All in the Family (2013) / A SysCall to ARMs
• DeepSec 2017 „Science First!“ / The ARM IoT Exploit Laboratory (Three-Day Workshop) (closed)